<?php

namespace app\frontend\middleware;

// 全局中间件
use think\Response;

class CorsMiddleware
{
    public function handle($request, \Closure $next)
    {
        $response = $next($request);

        return $response->header([
            'Access-Control-Allow-Origin' => config('app.cors_origin', '*'),
            'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
            'Access-Control-Expose-Headers' => 'New-Access-Token',
            'Access-Control-Allow-Credentials' => 'true',
        ]);
    }
}